Your message dated Tue, 06 Aug 2019 00:12:30 -0400
with message-id <2807841.dfmYRgPtWv@l5580>
and subject line Re: src:python-tablib: Unsafe use of yaml.load()
has caused the Debian Bug report #933921,
regarding src:python-tablib: Unsafe use of yaml.load()
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
933921: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933921
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:python-tablib
Version: 0.12.1-2
Severity: grave
Tags: security
Justification: user security hole
The new version of pyyaml no longer allows use of yaml.load() without a
loader being specifed. This raises a deprecation warning which has
caused and autopkgtest failure on this package. These are generally
trivial to fix, see the upstream guidance [1].
Scott K
[1] https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation
--- End Message ---
--- Begin Message ---
I investigated this some more and tablib uses safe load, the problem is
something else. It fails with both pyyaml 3.13 and 5.1.2.
I also checked and it has no rdepends. It seems buggy, so unless someone
really wants to take over maintenance, rm is probably best.
Scott K
--- End Message ---
